Historically, ERM grew out of a control focus that, while important, is not nearly enough to achieve true ERM.
Silo-driven
Enterprise-wide
Effective for:
Strategic, financial, and operational risks
Governance, policies and procedures
IT Security and Recovery
Disaster preparedness
Improving internal controls and compliance
Hazards
Transferable / insurable risks
April 9th, 2010 Page 3
Integrated approach to managing strategic, financial, and operational risks
Identify, quantify, and manage risk exposures with a focus on shareholder value creation and protection
Includes corporate governance and risk management requirements from entities such as stock exchanges (NYSE) and rating agencies
Focus on disaster preparedness and emergency response planning
IT recovery, business impact analysis, pandemic planning
Expanded to include Sarbanes Oxley in the wake of corporate scandals in the US in 2000 - 2002
COSO* Framework
Preserve assets, protect people, and comply with laws
Dealing with different risks and hazards
Risk transfer and insurance
* Committee of Sponsoring Organizations of the Treadway Commission report on internal controls (1987)
Consistency: Are the risks being valued and treated on a comparable basis? A corollary to this is ensuring economically consistent decisions on levels, costs, and benefits of specific risk treatments. Organizations tend to ignore risks that are not explicitly quantified.
Value creation: In business, no risk no return! So how do we engage in taking risks that create value and manage these risks well? This requires capturing the total uncertainty in the value of the enterprise, including upside value uncertainty and downside risks.
Value-driven ERM meets these challenges with a unifying perspective and superior methodology.
Coverage: is ensured with bottom-up integration of specific risk domains and a top-down valuation perspective, plus better means of identifying and quantifying risks. You still have to do all the blocking and tackling, but we have a consistent measure of importance.
Consistency: is ensured by evaluating all risks on the same basis of impact on total enterprise value and applying a consistent risk appetite.
Value creation: is covered by an approach that focuses on quantifying the full range of uncertainty in the enterprise value and the key risk drivers, rather than only low-probability, high-impact negative events.
creating value with clients
Focus on event risk and missing value drivers
Missing interconnectedness and downstream decisions (strategic options)
Failure to account for psychological distortions in risk judgment
Focus on only the downside (i.e., risk is a four-letter word)
Compliance mentality only
ERM is process-intensive and must be monitored and communicated, both upward and downward.
Risk Management Process Map Corporate Board and Senior Management
The ERM Dashboard will display the risk content and activities information needed by the CRO.
CFO
CRO
COO BU Leadership
CDO CSO
Strategic
Define the strategic agenda and lead the value creation process within the BUs.
Lead the value creation process beyond BUs. Seize & protect strategic opportunities.
Install and oversee planning process and assure culture of accountability.
Install and oversee Operational ERM framework and assure culture of accountability.
Lead and manage the value delivery agenda & activities functions, operations, and project portfolio.
Consistent
Ongoing